+1 Phil
@independentid www.independentid.com [email protected] > On Aug 14, 2015, at 12:08 PM, John Bradley <[email protected]> wrote: > > +1 > >> On Aug 14, 2015, at 3:03 PM, Brian Campbell <[email protected] >> <mailto:[email protected]>> wrote: >> >> +1 for "rba" >> >> On Fri, Aug 14, 2015 at 11:52 AM, William Denniss <[email protected] >> <mailto:[email protected]>> wrote: >> Fair point. RBA is a fairly common acronym for Risk-Based Authentication, >> how about going with "rba"? Would align with existing "mfa", "mca" >> definitions (while also saving 1 character and helping the ambiguity issue). >> >> On Fri, Aug 14, 2015 at 10:44 AM, Mike Jones <[email protected] >> <mailto:[email protected]>> wrote: >> I hear you, but we’re trying to keep the values short for space reasons – >> just like other identifiers in JWTs. Ultimately, the values aren’t >> meaningful without referring to the spec in the first place, so the place to >> beef up the meaning is in the description in the spec – not in the “amr” >> value. If you’d like to suggest any edits in that regard, have at it! >> >> >> >> Thanks, >> >> -- Mike >> >> >> >> From: William Denniss [mailto:[email protected] >> <mailto:[email protected]>] >> Sent: Friday, August 14, 2015 1:40 PM >> To: Mike Jones >> Cc: [email protected] <mailto:[email protected]> >> Subject: Re: [OAUTH-WG] “amr” Values spec updated >> >> >> >> Looking good, thanks for putting this together. >> >> >> >> I wonder if we should say "risk_based" rather than just "risk" to avoid >> ambiguity (i.e. that it's not a risky authentication method, rather, it was >> risk-based). "user" seems to work well, e.g. "user mfa pwd otp" tells a >> logical story. >> >> >> >> >> >> >> >> On Thu, Aug 13, 2015 at 8:43 PM, Mike Jones <[email protected] >> <mailto:[email protected]>> wrote: >> >> I’ve updated the Authentication Method Reference Values spec to incorporate >> feedback received from the OAuth working group. Changes were: >> >> · Added the values “mca” (multiple-channel authentication), “risk” >> (risk-based authentication), and “user” (user presence test). >> >> · Added citations in the definitions of Windows integrated >> authentication, knowledge-based authentication, risk-based authentication, >> multiple-factor authentication, one-time password, and proof-of-possession. >> >> · Alphabetized the values. >> >> · Added Tony Nadalin as an author and added acknowledgements. >> >> >> >> The specification is available at: >> >> · http://tools.ietf.org/html/draft-jones-oauth-amr-values-01 >> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-jones-oauth-amr-values-01&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=I5MFZbd1BMANLuVeDH24boBVJ1CSwybIg3P1RqTZweU%3d> >> >> >> An HTML formatted version is also available at: >> >> · http://self-issued.info/docs/draft-jones-oauth-amr-values-01.html >> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2fdocs%2fdraft-jones-oauth-amr-values-01.html&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=rpA2%2fLQGs5mdomEP4xBu7T9V4PWzVi2j8d1VTzPCCZg%3d> >> >> >> -- Mike >> >> >> >> P.S. This note was also posted at http://self-issued.info/?p=1437 >> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2f%3fp%3d1437&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=sv5HbcRW%2bjRbYcd71MRZBcFdks%2froaDqZ%2fqTKOJrJ%2fo%3d> >> and as @selfissued >> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ex43UP5ytuIMsfe6SkABmPAvJbeOpXPbHQbnvixUNcQ%3d>. >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] <mailto:[email protected]> >> https://www.ietf.org/mailman/listinfo/oauth >> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=hlMpGbGhXBCYimtMJa9IfEzWSFqXRy3kKHN8Z%2bLxjn0%3d> >> >> >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] <mailto:[email protected]> >> https://www.ietf.org/mailman/listinfo/oauth >> <https://www.ietf.org/mailman/listinfo/oauth> >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] <mailto:[email protected]> >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
